HIPAA 164.312(b)—Audit Controls

The Health Insurance Portability and Accountability Act (HIPAA) Security Audit reports show available documentation and compliance artifacts that help you demonstrate compliance with requirements of the HIPAA Security Rule, as outlined in the HIPAA Audit Protocol.

This report provides information on the implemented software or procedural mechanisms that record and examine activity in information systems to help you demonstrate compliance with HIPAA 164.312(b).

To access the HIPAA 164.312(b) report:

  1. In the Alert Logic console, click the menu icon (), and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under HIPAA Security Audit, click VIEW.
  4. Click HIPAA 164.312(b) - Audit Controls.

The report summary page displays two columns. HIPAA Audit Protocol lists each audit protocol inquiry for testing the selected HIPAA Security Rule requirement. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that this report can generate for each protocol.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available documentation and artifacts

This report provides documentation and artifacts that help you demonstrate that the software or procedural mechanism records and examines activity in information systems that contain or use electronic protected health information (ePHI).

Record and examine activity in information systems

This HIPAA Audit Protocol requires you to demonstrate that you have a hardware, software and/or procedural mechanism to record and examine activity in information systems that contain or use ePHI.

This section includes a link for quick access to the HIPAA 164.308(a)(1)(ii)(D) report in the Reports page in the Alert Logic console to review audit control mechanisms that help you comply with the required implementation specification.

Audit controls

This HIPAA Audit Protocol requires a review of the documentation relative to audit controls, and evaluates whether risk-based audit controls have been implemented over all electronic systems that contain or use ePHI.

Alert Logic does not provide data for this testing procedure. You must provide the policy and procedure documents for this audit.

Evaluate recorded and examined activities

This HIPAA Audit Protocol requires a review of the documentation that demonstrates the implementation of the procedural mechanisms to record and examine activity, and evaluate whether information systems are being recorded and examined, and are appropriate, and in accordance with related policies and procedures.

Alert Logic does not provide data for this testing procedure. You must provide the policy and procedure documents for this audit.